diff options
| author | Theo Buehler <tb@cvs.openbsd.org> | 2017-06-15 19:37:11 +0000 |
|---|---|---|
| committer | Theo Buehler <tb@cvs.openbsd.org> | 2017-06-15 19:37:11 +0000 |
| commit | f2170cccbe32b95fdcdd467be14c0ef2cdba1fda (patch) | |
| tree | 750ea9bb4b7c5080458b106c65b73c85f0263c08 /usr.bin/at/at.c | |
| parent | 30a7aa8f9ca513f317e15e787ecc8d73da4851e2 (diff) | |
Finer grained pledge for at(1). After setegid(), do a three-way pledge:
For AT and BATCH: "stdio rpath wpath cpath fattr getpw unix"
For ATRM: "stdio rpath cpath getpw unix"
For ATQ and CAT: "stdio rpath getpw"
"unix" is needed for poke_daemon() and "fattr" to chmod +x spoolfile.
idea and ok millert
Diffstat (limited to 'usr.bin/at/at.c')
| -rw-r--r-- | usr.bin/at/at.c | 21 |
1 files changed, 19 insertions, 2 deletions
diff --git a/usr.bin/at/at.c b/usr.bin/at/at.c index 16a96a7baf4..21936c15e88 100644 --- a/usr.bin/at/at.c +++ b/usr.bin/at/at.c @@ -1,4 +1,4 @@ -/* $OpenBSD: at.c,v 1.80 2017/06/07 23:36:43 millert Exp $ */ +/* $OpenBSD: at.c,v 1.81 2017/06/15 19:37:10 tb Exp $ */ /* * at.c : Put file into atrun queue @@ -991,9 +991,26 @@ main(int argc, char **argv) if (setegid(spool_gid) != 0) fatal("setegid(spool_gid)"); } + + if (pledge("stdio rpath wpath cpath fattr getpw unix", NULL) + == -1) + fatal("pledge"); + break; + + case ATQ: + case CAT: + if (pledge("stdio rpath getpw", NULL) == -1) + fatal("pledge"); + break; + + case ATRM: + if (pledge("stdio rpath cpath getpw unix", NULL) == -1) + fatal("pledge"); break; + default: - ; + fatalx("internal error"); + break; } if ((pw = getpwuid(user_uid)) == NULL) |